CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Comments on the S/KEY user authentication scheme
ACM SIGOPS Operating Systems Review
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Password authentication with insecure communication
Communications of the ACM
Security enhancement for optimal strong-password authentication protocol
ACM SIGOPS Operating Systems Review
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Two simple attacks on Lin-Shen-Hwang's strong-password authentication protocol
ACM SIGOPS Operating Systems Review
A secure and efficient strong-password authentication protocol
ACM SIGOPS Operating Systems Review
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
| Hi-index | 0.00 |
In 2003, Lin et al. proposed an enhanced protocol of optimal strong-password authentication protocol (OSPA). Recently, Chang and Chang showed that Lin et al.'s protocol is vulnerable to a server spoofing attack and a denial-of-service attack and then described an improved protocol. In this paper, we show that Chang-Chang's protocol is still vulnerable to a stolen-verifier attack. In addition, we also propose an improved protocol with better security.